DETAILED ACTION
Response to Arguments 

1. Claim 22 has been canceled by Applicant. Claims 2, 5, 8, 12, 15 and 18 have 
been amended. 

2. Regarding the amendment of claims 5 and 15, the amendment reflects changes
to the preamble. Therefore the amendment of the instant claims has not been given 
patentable weight because the amended recitation occurs in the preamble. A preamble 
is generally not accorded any patentable weight where it merely recites the purpose of a 
process or the intended use of a structure, and where the body of the claim does not 
depend on the preamble for completeness but, instead, the process steps or structural 
limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 USPQ 15 (CCPA 
1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 481 (CCPA 1951). 

3. Applicant states that Kung and McAuliffe fail to teach all the limitations of 
independent claims 2, 8, 12 and 18. Applicant states that Kung and McAuliffe fail to 
teach or suggest decrypting the server authentication response without user interaction 
in order to prevent a user from colluding with an authorized server. Examiner 
respectfully disagrees with this interpretation of the prior art of record. According to 
Kung, "...decrypting the server authentication response..." is met by the password entered
at workstation (11 in Fig. 1), which is used to decrypt the encrypted
password received from the server workstation (see Fig. 2, block 35). The user merely
enters the password; however, no user actions are taken in the actual decryption
process of the encrypted server response.

The limitation "...to prevent a user from colluding with an unauthorized server to
circumvent server authentication" is met by the authentication process described in
blocks 33 - 38 of Fig. 2. Contrary to Applicant's assertions, the user passwords
stored in the password file (14 in Fig. 1) at the server side provide absolutely no
chance for any user to collude with any unauthorized server.

4. Regarding the independent claims 8 and 18, Applicant argues that the limitation
"interpreting no response as an indication that the server is not authorized" has not
been addressed. Examiner points out that, according to Kung, the file server can only
be authenticated upon receiving a response at the client. In case of no response the
authentication process of Kung would not work; therefore Kung does teach the "no
response" limitation. Examiner states that in view of the reasons provided herein the
prima facie case of obviousness with regard to all of the independent claims 2, 8, 12
and 18 has been properly established, since the combination of Kung and McAuliffe
teaches or suggests all the limitations recited in the instant claims.

5. Rejection of claims 2-21 is maintained.

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 2-5, 7-10, 12-15 and 17-20 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Kung (U.S. Patent No. 5,434,918) in view of McAuliffe (U.S. Patent
No. 5,838,790).

8. Referring to the instant claims, Kung discloses a method for providing
mutual authentication of a user and a server on a network (see abstract and
Fig. 1). Kung teaches a mutual authentication method for use in authenticating a user
that operates a client workstation that is coupled to a file server workstation
having a password file comprising a password known to the user (see Fig. 1 and
column 1, lines 47-50). Kung teaches that the method comprises the
following steps: A logon ID is transmitted from the client workstation to the server
workstation. The stored user password corresponding to the user ID is retrieved
from the password file using the transmitted logon ID. A random
number is created that is encrypted by a symmetric encryption algorithm on the
server workstation using the retrieved user password, and which provides an
encrypted password. The user is then requested to enter the password into the
user workstation. The entered password is used to decrypt the encrypted
password received from the server workstation and retrieve the random number
therefrom to authenticate the server workstation. The random number is then
used as the encryption and decryption key for communication between the user
and server workstations. An encrypted message is transmitted using the random
number from the client workstation to the server workstation. The encrypted
message is decrypted at the server workstation to authenticate the user (see
column 1, lines 53-68).

9. Referring to claims 2, 5, 8, 12, 15, 18, 20, the limitation
"generating a server authentication request at the client to verify that the server is
authorized to provide at least one resource to the client:
transmitting the server authentication request to the server" is met by a logon ID
transmitted from the client workstation to the server workstation (see Fig. 2, block 31).
Unit 18 (in Fig. 1) is a file server. File servers always provide files to the authorized
clients, which meets the limitation "provide at least one resource to the client". The
limitation "...receiving an encrypted server authentication response from the server..." is
met by the encrypted password received from the server workstation (see Fig. 2, block 35).
The limitation "...decrypting the server authentication response..." is met by the password
entered at workstation (11 in Fig. 1), which is used to decrypt the encrypted
password received from the server workstation (see Fig. 2, block 35).
The limitation "...to prevent a user from colluding with an unauthorized server to
circumvent server authentication" is met by the authentication process described in
blocks 33 - 38 of Fig. 2. The user passwords stored in the password file (14 in Fig.
1) at the server side provide absolutely no chance for any user to collude with an
unauthorized server. Kung, however, does not explicitly teach disabling client functions
if the server is not authorized to provide a resource to the client.

10. Referring to the instant claims, McAuliffe discloses an advertisement
authentication system in which advertisements are downloaded for off-line
display (see abstract and Fig. 1A). McAuliffe shows a client computer connected
to the server computers over the network (see units 2 and 20, 22, 24, 25, 27 in
Fig. 1A). McAuliffe teaches an advertisement authentication system capable
of detecting various forms of advertisement and statistics file tampering. McAuliffe
teaches that client software disabling is instituted after multiple incidents of
"tampering" are detected within a short time period (see column 11, lines 9-12).
Therefore, at the time the invention was made, it would
have been obvious to one of ordinary skill in the art to modify the system for
authentication of a user and a server on a network of Kung by disabling client
functions in case of detection of tampering (i.e. negative result of authentication)
as taught in McAuliffe. One of ordinary skill in the art would have been motivated
to disable client functions in case of a negative result of authentication as taught
in McAuliffe for making sure that the advertisements are properly displayed at a
remote computer (see McAuliffe, abstract).

Application/Control Number: 09/978,536
Art Unit: 2132

11. Referring to claims 4, 8, 9, 14, 18 and 19, the limitations "disable one or more
functions until after a grace period" and "after an allotted period of time..." are met
by disabling client functions after a number of incidents of "tampering" in a time
period (see McAuliffe, column 11, lines 9-12).

12. Referring to claims 5 and 10, McAuliffe shows the client authenticating multiple 
downloads (see units 2 and 20, 22, 24, 25, 27 in Fig. 1A). 

13. Referring to claims 7 and 17, Kung teaches that a random number
created is encrypted by a symmetric encryption algorithm on the server 
workstation using the retrieved user password, and which provides an encrypted 
password (column 1, lines 53-68). 

14. Claims 6, 11, 16 and 21 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Kung (U.S. Patent No. 5,434,918) in view of McAuliffe (U.S.
Patent No. 5,838,790) and further in view of Guthrie (U.S. Patent No. 6,161,185).

15. Referring to the instant claims, Kung and McAuliffe teach disabling client
functions when server authentication response fails to indicate that server is 
authorized to provide resources. Kung and McAuliffe, however, do not explicitly 
teach determining when a subsequent authentication response should occur 
based on expiration information. 

16. Referring to the instant claims, Guthrie discloses personal
authentication system and method for multiple computer platform (see abstract).
Guthrie shows a client-server system (see Figs. 1A and 1B). Guthrie teaches
determining whether authentication request had been made during the
expiration notification time (see column 9, lines 40-55). Therefore, at the time the
invention was made, it would have been obvious to one of ordinary skill in the art
to have a server authentication response of Kung and McAuliffe
comprising expiration information and to determine whether authentication
response had occurred as taught in Guthrie. One of ordinary skill in the art would
have been motivated to have a server authentication response of Kung and
McAuliffe comprising expiration information and to determine whether
authentication response had occurred as taught in Guthrie for allowing a user
to attempt to authenticate himself for a configurable number of
allowances after his password expiration time value has passed (see
Guthrie column 9, lines 50-55).



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Grigory Gurshman whose telephone number is (703) 
306-2900. The examiner can normally be reached on 9 AM-5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 